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(54) Connection selection method 

(57) The invention relates to distribution of IP traffic 
between more than one route between a node and an 
IP network. The invention is concerned with a new meth- 
od tor distribution of connections between a plurality of 
possible routes for transmission of IP packet traffic be- 
tween a source node and end nodes, each of the routes 
being associated with a plurality of IP addresse. Accord- 
ing to the invention, a route is selected for a new con- 
nection to be established between the source node and 



an end node for transmission of packet traffic, the se- 
lected route is taken into use by translating source IP 
addresses of packets transmitted from the source node 
to said end node to an IP address associated with the 
selected route, and said selection of a route is per- 
formed on the basis of predefined criteria. Preferably, 
the selection of the route is performed on the basis of 
round trip times measured by a new method using pack- 
et replication. 
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Description 

TECHNICAL FIELD OF THE INVENTION 

[0001] The invention relates to load balancing of IP 
traffic between more than one route between a node and 
an IP network. More particularly, the invention relates to 
such a method as described in the preamble of the in- 
dependent method claim. 

BACKGROUND OF THE INVENTION 

[0002] IP network technology is presently in wide- 
spread use, the Internet being a manifest example of a 
network realized using Internet Protocol (IP). The IP pro- 
tocol provides a basic packet data transfer mechanism 
without error checking, acknowledgments or flow con- 
trol. Other protocols used in combination with the IP pro- 
tocol such as the TCP protocol are used to provide a 
reliable data transmission mechanism with transmission 
error correction, flow control and many other functions. 
The IP protocol is defined in the specification RFC 791 , 
and the TCP protocol is defined in the specification RFC 
793. An introduction to these protocols is presented in 
RFC 1180. In the .following, a short overview of these 
protocols are given. 

[0003] The IP protocol version 4 (IPv4) defined by 
RFC 791 has a limited address space due to the source 
and destination addresses being only 32 bits long. The 
current expansion of the Internet and the development 
of technology, the address space is filling out quickly. 
Therefore, version 6 of the IP protocol (IPv6) has been 
designed. The addresses in IPv6 are 128 bits long, al- 
lowing a vastly larger address space. There are also fur- 
ther motivations behind IPv6 and other differences be- 
tween IPv4 and IPv6. The IPv6 protocol is described in 
the specification RFC 1883. Some details of the TCP 
and IP protocols relevant to the present invention are 
described in the following with reference to figures 1 , 2, 
and 3. 

[0004] In the IP protocol, data is transmitted in so 
called datagrams, which contain a header part and a 
payload data part. Figure 1 shows the structure of an 
IPv4 header. In the following only some of the header 
fields are described. A detailed description can be found 
from the above mentioned RFC 791 . The first field, the 
four bits long version field, contains the version number 
which for IPv4 is 4. The total length field gives the length 
of the datagram, header and data part combined, as the 
number of octets i.e. groups of 8 bits. The source and 
destination addresses specily the IP address of the 
sender and the intended receiver. Various options can 
be specified in the options field, which may vary in length 
from datagram to datagram. The number of different op- 
tions specified in the options field may as well vary. The 
options field is not mandatory, i.e. in some datagrams 
there may be no options field at all. The padding field is 
used to ensure that the header ends on a 32 bit bound- 



ary. The padding field is filled with zeroes. After the pad- 
ding field comes the payload data part, whose length 
can be found out by the recipient of the datagram by 
subtracting the length of the header from the value of 

5 the total length field. 

[0005] Figure 2 illustrates the structure of an IPv6 
header. The IPv6 header is simpler than the IPv4 head- 
er, allowing faster processing of datagrams in transmis- 
sion nodes. The first four bits of the header comprise 

10 the version field, which for IPv6 contains the value 6. 
The payload length field specifies the length of the data 
part in octets. The next header field specifies the type 
of any header following this header. The next header 
may for example be a TCP header in case the IP data- 

*5 gram carries a TCP packet, or an extension header. The 
source and destination address fields, each consisting 
of four 32-bit words giving a total of 128 bits for each 
address, specify the sender and the intended receiver 
of the datagram. Instead of an options field, inclusion of 

20 optional data in the header is provided in IPv6 by so 
called extension headers, various extension header 
types are described in RFC 1883. There may be zero, 
one or more than one extension headers in an IPv6 da- 
tagram. 

25 [0006] Figure 3 illustrates the structure of a TCP 
header. The most relevant fields are described in the 
following. The other fields in a TCP header are de- 
scribed in the above mentioned RFC 793. 
[0007] The TCP header indicates a destination port 

30 number at the receiving host, to which the packet is di- 
rected. The TCP protocol makes it possible for many 
different services to exist at a single IP address, by in- 
troducing the concept of a port. A program can listen to 
a specific port, and receive any data sent to that port. 

3S Conversely, a program can send a packet to a specific 
port on a distant host. Therefore, the destination port 
number defines which service or program will receive 
the packet at the host specified by the IP address. Sim- 
ilarly, the source port number indicates, which service 

40 or program sent the TCP packet. 

[0008] The TCP data octets sent by a host are num- 
bered sequentially. The number of the first octet of data 
in the data part is included in the TCP header in the se- 
quence number field. Based on this number, the receiv- 
es jng second host can check whether TCP packets have 
arrived through the transmission network in the right or- 
der, and if any packets are missing. The second host 
conventionally sends an acknowledgment to the first 
host for each received packet. The acknowledgment 

so message is included in a normal TCP packet sent by the 
second host to the first host. The acknowledgment is 
indicated by the ACK flag and the acknowledgment 
number. The acknowledgment number is the sequence 
number of the next octet, which the sender of the packet 

55 is expecting to receive from the other end. If there is no 
other data to be sent from the second host to the first 
host, the payload data part can be empty in such an ac- 
knowledgment packet. If the second host is transmitting 
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data to the first host, the acknowledgment can be indi- 
cated in the headerof a packet containing some payload 
data. Therefore, the ACK messages do not always add 
transmission load. If a host does not receive an acknowl- 
edgment for some data within a timeout period, the data 
is retransmitted. 

[0009] The data 1 part follows the TCP header. The 
length of the data part is carried by the IP protocol, there- 
fore there is no corresponding field in the TCP header. 
[0010] Due to the small number of IP addresses avail- 
able in the IPv4 protocol, a technique known as network 
address translation (NAT) is used. With NAT, a private 
network such as the local area network of a company 
can be connected to the public Internet using only a 
small number of IP addresses of the public Internet, 
while allowing almost free, use of IP addresses for traffic 
within the private network; Sessions with nodes in the 
public Internet are initiated from the private network. The 
network element connecting the two networks and per- 
forming the NAT function stores the source address of 
the initiating node within the private network, and replac- 
es it by one of the small number of IP addresses of the 
public Internet: The network element stores the pair of 
an internal address and a public address, and performs 
source address translation, for packets traversing from 
the internal node to the public internet and destination 
address translation for packets traversing from the pub- 
lic Internet to the internal node. The network element 
retains the pair of addresses i.e. the binding until the 
internal node terminates all its connections to the public 
Internet, whereafter the network element may allocate 
the public address for use by another node of the inter- 
nal network. The. NAT function may alsouse the TCP 
port address in translation, whereby a binding specifies 
the pairing of an internal IP address and TCP port and 
an external I P address and a TCP port. Use of TCP ports 
in translation is used especially in the typical situation, 
in which the private traffic uses only one IP address of 
the public Internet.. In such a situation, packets belong- 
ing to different connections from/to different hosts in the 
private network are kept separate by using different TCP 
ports for the connections. 

[0011] The NAT functionality can also be used to in- 
crease the security of the internal network, since the 
NAT function hides the internal addresses, whereby the 
structure of the internal network is more difficult to de- 
duce from the outside. 

[0012] The use of more than one route between an 
internal network and an external network is also known. 
Figure 4 shows an example of such a configuration. Fig- 
ure 4 shows an internal IP network 10, an external net- 
work 40, a network element 20, three different routes 30 
between the network element 20 and an external net- 
work 40, and a node 50 in the external network. Typically 
each of the routes 30 correspond to an Internet Service 
Provider (ISP). The network element 20 can have a mo- 
. dem connection or even a fixed high speed connection 
to each of the ISP:s 30. The main advantages of using 



more than one route to the Internet are the higher trans- 
mission capacity of more than one route and reliability: 
if one of the routes 30 fail, the traffic can be directed to 
proceed via two other routes. Typically, the network el- 
s ement 20 also performs network address translation. 
[0013] A known way to divide the traffic between the 
internal network 10 and the external network 40 is the 
so called Multihomed AS (Autonomous System) config- 
uration. In Multihomed AS configuration, a route tospe- 
10 cific destination in the Internet is selected based on the 
path information received by routers via Border Gate- 
way Protocol (BGP-4) protocol. The BGP-4 protocol is 
described in detail in RFC 1771 . However, there are lim- 
itations in this approach. There is no way to guarantee 
is that the selected route has the best performance be- 
cause the route is selected only based on destination IP 
address. Additionally the BGP4 protocol does not re- 
spond quickly to changes in the network topology, which 
may cause outages on connections to parts of the Inter- 
ne net: f :--jr"i 

[0014] 1 Network address translation can also be used 
for load sharing. One such method is described in RFC 
2391 "Load Sharing using IP Network Address Transla- 
tion (LSNAT)". In the method, a new session is directed 
25 to a certain server in a pool of servers using the NAT 
technique. RFC 2391 also discloses some common al- 
gorithms for making load sharing decisions, i.e. to which 
server a' certain connection is to be directed. Some ex- 
amples of such algorithms are: 

30 . - . , /: 

- , Round-Robin algorithm, i.e. new connections are 

directed to the servers in a repeating sequence. 

This algorithm has the drawback, that differences 

in the load of servers are not taken into account. 
35 - - Least Load first algorithm, i.e. the server with least 

:number of sessions bound to it is selected to service 

a new session. This algorithm has the drawback, 
: that differences in the resource requirements of the 

new sessions are not taken into account, and that 
40 the capacities of the servers are neither taken into 

account. . 

- . Least traffic first algorithm, in which the volume of 

traffic of each server is measured by monitoring 
packet or byte count transferred by the server over 
-45 a period of time. 

- . Least Weighted Load first algorithm, in which differ- 
ent session types are given different weights, and 

servers having differing capacities are given differ- 
, ent weights. The total weight of current session on 
so each server is calculated, and the result is divided 
by the capacity weight value. A new session is di- 
rected to such a server, which has the smallest re- 
sult value. 

Response time monitoring algorithm, in which each 
55 server is periodically.- sent a packet, and the time 
elapsed until receiving the response packet is used 
as a measure of load. This algorithm has the draw- 
back, that the load may vary between consecutive 
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monitoring times, whereby the measured response 
time might not always represent the present situa- 
tion. The accuracy may naturally be increased by 
decreasing of the testing interval, but this increases 
the traffic load. 

[0015] Some further load sharing algorithms dis- 
closed in RFC 2391 take into account the cost of ac- 
cessing a server in combination with the previous algo- 
rithms. 

[0016] The patent US 5371852 shows an example of 
an application of techniques described in RFC 2391. 
The patent discloses a system, which translates ad- 
dresses in ingoing and outgoing packets between a 
cluster of computer nodes and an external network, 
making the cluster of computer nodes to appear- as a 
single node to the external network. 
[0017] The prior art does not disclose a method for 
load sharing of IP traffic between a number of routes, 
which method is transparent for the communicating par- 
ties, adjusts quickly to changes in the properties of the 
routes, and does not require a large processing power 
and data transfer capacity. A new solution is clearly 
needed. 

SUMMARY OF THE INVENTION 

[001 8] An object of the invention is to realize a method 
for load sharing of IP traffic between a number of routes 
between a computer node and an IP network; A further 
object of the invention is to realize a method for finding 
the fastest route among a number of routes from a com- 
puter node to a destination in an IP network. 
[001 9] The objects are reached by replicating connec- 
tion setup packets through each route to be tested, en- 
suring that reply packets come back through the same 
route, and by selecting the fastest route. 
[0020] The method according to the invention is char- 
acterized by that, which is specified in the characterizing 
part of the independent method claim. The system ac- 
cording to the invention is characterized by that, which 
is specified in the characterizing part of the independent 
claim directed to a system. The network element ac- 
cording to the invention is characterized by that, which 
is specified in the characterizing part of the independent 
claim directed to a network element. The dependent 
claims describe further advantageous embodiments of 
the invention. 

[0021] The invention is concerned with a new method 
for distribution of connections between a plurality of pos- 
sible routes for transmission of IP packet traffic between 
a source node and end nodes, each of the routes being 
associated with a plurality of IP addresse. According to 
the invention, a route is selected for a new connection 
to be established between the source node and an end 
node for transmission of packet traffic, the selected 
route is taken into use by translating source IP address- 
es of packets transmitted from the source node to said 



end node to an IP address associated with the selected 
route, and said selection of a route is performed on the 
basis of predefined criteria 

[0022] Preferably, the selection of the route is per- 
s formed on the basis of round trip times measured by a 
new method using packet replication. One or more IP 
packets carrying connection setup messages of a sec- 
ond protocol used on top of the I P protocol are replicated 
to traverse to the same end node in the external network 
10 through the available routes. The source addresses of 
the replicated packets are translated to addresses cor- 
responding to the particular route used for transmission 
of the particular replicated packet to ensure, that the re- 
turn packets come back the same route. The route that 
is provides the fastest response times from the end node 
is selected to be used for the new connection. The re- 
sponse times can be determined from the transmission 
of the initial packet to the reception of the response 
packet to the initial packet, or to the reception of a cer- 
20 tain later packet, such as the first packet after setup sig- 
nalling containing payload data. . 

BRIEF DESCRIPTION OF THE DRAWINGS 

25 [0023] The invention is described in more detail in the 
following with reference to the accompanying drawings, 
of which 

illustrates the structure of an IPv4 header, 

illustrates the structure of an IPv6 header, 

illustrates the structure of a TCP header, 

illustrates a configuration, in which a pri- 
vate network or a computer node is con- 
nected to an external network via multiple 
routes, 

illustrates a flow chart of a method accord- 
ing to an advantageous embodiment of the 
invention, 

illustrates a flowchart of a method accord- 
ing to a further advantageous embodiment 
of the invention, 

illustrates signalling according to an advan- 
tageous embodiment of the invention, 

illustrates a flow chart of an advantageous 
embodiment of the invention, and 

illustrates a system and a network element 
according to an advantageous embodi- 
ment of the invention. 

[0024] Same reference numerals are used for similar 
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entities in the figures. 
DETAILED DESCRIPTION 

[0025] Figure 5 shows an example of a method ac- 
cording to an advantageous embodiment of the inven- 
tion. Figure 5 shows an exemplary flow chart according 
to a method for balancing the load of connections be- 
tween at least two routes between a source and an IP 
network, which connections use the IP protocol and at 
least one second, protocol. Each of the at least two 
routes is associated with a plurality of IP addresses. 
Each route may be for example a route via a certain I SR 
which has its own IP address space registered for the 
ISP for use by the parties who access the IP network 
such as the Internetvia the ISP. 

[0026] . According to figure 5 the method comprises at 
least steps/ in which 

a first IP. datagram comprising a setup message of 
a second protocol is created 100 for initiating a new 
connection to an end node using said second pro- 
tocol, • 

said first IP datagram is sent 105 through a first 
route of the routes between the source node and 
said end node, 

said first IP datagram is copied 110 for creating a 
second IP datagram for sending through a second 
route of the routes between the source node and 
said end node, 

the source IP address of said second IP datagram 
is translated 115 to an IP address selected from the 
plurality of IP addresses associated with said sec- 
ond route, 

said second IP datagram is transmitted 1 20 via said 
second route to said end node, 
a first datagram comprising information of a prede- 
fined type is received 1 25 from said end node via 
one of the routes, and 

the route from which said first datagram comprising 
information of a predefined type is received is se- 
lected 130 as the route to be used. 

[0027] The method may further comprise a step, in 
which the source IP address of said first IP datagram is 
translated to an IP address selected from the plurality 
of IP addresses associated with said first route. Howev- 
er, that step might not always be necessary, as for ex- 
ample in such a configuration, where the first route is 
the principal connection from a source network to the IP 
network, and the internal I P addresses of the source net- 
work can be used in the IP network as well without any 
need of network address translation. 
[0028] The order of procedural steps shown in figure 
5 is only an example, and is not intended to limit the 
invention in any way. For example, the second IP data- 
gram may be created before the first IP datagram is 
sent. Further, the method may comprise steps, in which 
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further copies of the IP datagram are created, their 
source IP addresses translated, and sent through fur- 
ther, routes to said end node. For clarity, only two routes 
are shown in figure 5. The invention is not limited to any 

5 specific number of routes. Naturally, there needs to be 
at least two routes in order to allow selection of a route. 
[0029] In an advantageous embodiment of the inven- 
tion, said first datagram comprising information of a pre- 
defined type is a first response datagram sent by said 

10 end node as a response to one of said first and second 
IP datagrams. : 

[0030] Advantageously, connection setup signalling 
according, to said second protocol is continued via the 
selected route. The connection setup signalling via the 
is other route or other routes is preferably aborted for ex- 
ample by sending a connection reset signal or a corre- 
sponding signal. 

[0031] Figure 6 illustrates a flow chart.of a method ac- 
cording to a further advantageous embodiment of the 
20 invention. According to figure 6 the method comprises 
at least steps, in which . 

- a first IP datagram comprising a setup messaged 
a second protocol is created 100 for initiating a new 

25 connection to an end node using said second pro- 
tocol, 

said first IP datagram is sent 105 through a first 
route of the routes between the source node and 
said end node, 

30 - said first IP datagram is copied 1.10 for creating a 
second IP datagram for sending through a second 
route of the routes between the source node and 
said end node, 

- . the source. IP address of said second IP datagram 
35 is translated 1 1 5 to an I P address selected from the 

..plurality of IP addresses associated with said sec- 
ond route, 

said second IP datagram is transmitted 120 via said 
second route to said end node, 

40 - . after sending said first and second IP datagrams, 
.connection setup signalling procedure is continued 
: 1 22 via said first and said second route : 
a. first IP datagram containing pay load data accord- 
ing to the second protocol is received 1 25 from said 

45 end node via one of said first and said second route, 
and 

the route from which said first IP datagram contain- 
ing payload data according to the second protocol 
is received is selected 130 to be used for the new 
50 connection. 

[0032] In the step of continuing 122 the connection 
setup signalling, the IP datagrams comprising setup sig- 
nalling are replicated as in steps 110 and 115 for trans- 
55 mission through the second route. 

[0033] The embodiment according to figure 6 has an 
advantage in case of the second protocol being the TCP 
protocol. Some transparent proxies may participate ac- 
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tively in the setup of a TCP connection, i.e. send by 
themselves a SYN+ACK packet to the originating 
source, before such a packet is received from the end 
node. If such a proxy or another network element par- 
ticipating actively in the setup of TCP connections is 
within a route to the end node : measuring the round-trip 
time from the reception of the SYN+ACK packet at the 
source may give erroneous results. Therefore, waiting 
until the first payload data packet can in some cases be 
advantageous, since payload data originates only from 
the end node. 

[0034] In a preferred embodiment of the invention, 
said second protocol is the TCP protocol. This is advan- 
tageous at the time of writing this patent application, 
since the majority of data traffic in the Internet is HTTP 
(HyperText Transfer Protocol) traffic, and HTTP protocol 
is used on top of the TCP protocol. Therefore, the new 
connection whose route is selected according to the in- 
vention may be a TCP connection for transmitting HTTP 
traffic. 

[0035] Figure 7 shows signalling between a source 
10, a node 20, and two routes ROUTE 1 30a and 
ROUTE 2 30b. The node may be for example a gateway 
computer node connecting a company intranet 1 0 to ex- 
ternal networks via various routes 30a, 30b. Each of the 
at least two routes is associated with a plurality of IP 
addresses. Each route may be for example a route via 
a certain ISP, which has its own IP address space for 
use by the parties who access an IP network such as 
the Internet via the ISP However, the source 10 and 
node 20 entities may also exist in the same physical de- 
vice such as a computer, in which case the IP datagram 
traffic is originated in the same computer which per- 
forms the functions of a node 20 as described in the fol- 
lowing. 

[0036] In the first step 1 00, the source 1 0 creates and 
sends a TCP SYN packet for initiating a TCP connection 
to the end node. After receiving the packet, the node 20 
may translate the source IP address i.e. perform net- 
work address translation, if that is needed for transmis- 
sion of the packet via the first route. In any case, the 
node 20 sends 1 05 the first SYN packet, i.e. a TCP pack- 
et in which the SYN bit is set and the ACK bit is not set 
to the end node via the first route 30a. Next, the node 
20 copies 110 the first packet, translates 115 the source 
IP address, and transmits 120 the packet to the end 
node via the second route 30b. The node 20 then waits 
for the first response SYN+ACK packet from either of 
the routes to arrive. When the SYN+ACK packet arrives 
1 25 in this example from the second route, the node se- 
lects 130 route 2 to be used for the continuation. The 
node 20 performs any necessary network address 
translations and forwards 135 the SYN+ACK packet to 
the source 10. Consequently, the source 10 finishes the 
three-way TCP handshake by sending 140 an ACK 
packet back, which packet is forwarded 145 after corre- 
sponding network address translations to the end node 
via the second route 30b. When the node 20 receives 



150 a SYN+ACK packet from the first route 30a, the 
node 20 sends 155 a RST packet to route 1 to cancel 
the connection via route 1 . 

[0037] In a SYN+ACK packet, the SYN and ACK bits 
s are set, and in a RST packet, the RST bit is set. 

[0038] The order of steps in figure 7 is an example 
only, and may be different in other embodiments of the 
invention. Further, the step of copying a packet may be 
effected in the step of sending a packet. For example, 

io in one advantageous embodiment of the invention the 
node 20 comprises a buffer, to which the node 20 writes 
the packet received from the source. The node 20 can 
then translate the source IP address in the buffer to cor- 
respond to the route to which the packet will be sent 

is next, and send a copy of the packet to the route. 

[0039] The invention is not limited only to TCP con- 
nections for transmitting HTTP traffic since the invention 
can be used with many other protocols used on lop of 
the IP protocols. For example, various protocols for car- 

20 rying speech data can be used as the second protocol, 
whereby the inventive method allows load sharing of 
speech connections. The invention may be used with 
many different protocols, such as protocols for data 
transfer, speech, and video transmission. A reliable im- 

25 plementation of the invention only requires, that the start 
and the end of a connection according to the second 
protocol can be recognized by the entity such as a net- 
work element performing the method according to the 
invention. For example, the start of a TCP connection 

30 can be observed by observing the status bits of a TCP 
header: a TCP connection is started with a packet hav- 
ing the SYN bit set and the ACK bit not set; and the end 
of a connection is marked by a TCP packet having the 
FIN bit set. For speech connections according to for ex- 

35 ample some of the H.300-series protocols, the contents 
of the IP packets carrying the messages need to be read 
and interpreted for recognizing the messages indicating 
the start and the end of a connection. The^ second pro- 
tocol may also be the RTSP protocol (real time stream- 

40 ing protocol), for example. The start and end of a con- 
nection is readily detected from signalling according to 
the RTSP protocol. 

[0040] The inventive method can be used with both 
IP version 4 and IP version 6 protocols. 

45 [0041] In a further advantageous embodiment of the 
invention, the time elapsed between the sending of the 
first datagram via a route and the reception of a first da- 
tagram comprising information of a predefined type from 
the routes is measured for each route, and the route 

so having the shortest measured time is selected to be 
used for the new connection. Further, the measured 
time for the routes to a end node may be stored in a 
memory means. Later, if a new connection is to be es- 
tablished to the same end node, the stored times may 

ss be used as a basis for selection of a route without rep- 
lication of packets to various routes, if the stored time 
results are recent enough to have any trustworthiness. 
Such an arrangement can reduce signalling caused by 
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the inventive method. 

[0042] Further, the steps of setting or translating of 
source I P address of a datagram may also comprise the 
step of setting or translating of source TCP address of 
the datagram. 

[0043] I n an advantageous embodiment of the inven- 
tion, the network element performing the inventive 
method performs the load sharing of connections only 
for a certain protocol or certain group of protocols used 
on top of the IP protocols. For example, the network el- 
ement may for example only perform load sharing of 
TCP connections, or load sharing of TCP connections 
and speech connections. For the rest of IP traffic, the 
network element may function as a transparent proxy 
using a predefined route for the rest of the ! P traffic. The 
network element may also act as a conventional net- 
work address translating function: for the rest ol the IP 
traffic, if that is needed in a particular configuration. 
[0044] The previous, embodiments represent particu- 
larly advantageous embodiments of the invention. In the 
following, a more general view^of the invention is pre- 
sented with reference to figure 8. According to the meth- 
od, 

a route is selected 170 for a new connection to be 
established between the source node and an end 
node for transmission of packet traffic, 

- the selected route is taken into use by translating 
175 source IP addresses of packets transmitted 
from the source node to said end node to an IP ad- 
dress associated with the selected route, and 

- . saidtselection of a route is performed on the basis 

of predefined criteria. 

[0045] Preferably, said selection of a route is per- 
formed to balance the load of new connections between 
the plurality of possible routes. - , 
[0046] Preferably, the source node is connected to a 
first IP network, said end node is connected to a second 
IP.network, said first and second networks are connect- 
ed-via a plurality of paths, and each path of said plurality 
of paths corresponds to one route of the plurality of pos- 
sible routes. ... 

[0047] In various embodiments of the invention, vari- 
ous ways of performing the selection can be used. For 
example, as described previously, the selection may be 
.performed on the basis of round trip times measured by 
a packet replication method. However, other ways can 
be used as well. For. example, the- performance of the 
routes can be monitored continuously or for a certain 
period for obtaining statistical data of the performance 
of the routes, and the optimal route can be selected 
based on the measured statistics. Further, other types 
of load balancing algorithms such as those described in 
RFC 2391 can be used as well for making the decision 
about the selection of a route. Correspondingly, the pre- 
defined criteria as mentioned in the claims can be of 
many, different kinds. 
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[0048] Figure 9 illustrates a system according to an 
advantageous embodiment of the invention. Figure 9 
shows an internal IP network 10, an external network 
40, a network element 20, three different routes 30 be- 
s tween the network element 20 and an external network 
40, and an end node 50 in the external network. The 
system of figure 9 can be used for distribution of con- 
nections between a plurality of routes between a source 
node and end nodes, each of the routes being associ- 
10 ated with a plurality of IP addresses. The routes may 
correspond to different internet service providers, for ex- 
ample. The system is in figure 9 realized in a network 
element 20 connecting the internal or the- source net- 
work 1:0 to external networks 30, 40. 
is [0049] However, the system may also be realized in 
more than one physically separate device, whereby the 
invention is not limited to realization of the system in a 
single computing device. The system comprises 

means 250 for selecting a route for a new connec- 
tion to be established between the source node and 
an end node for transmission of packet traffic, 
- ; means 230 for translating 1 source IP addresses of 
packets for transmission from the source node to 
said end node to an IP address associated with the 
selected route, said means for selecting a route be- 
. ing arranged to select a route on the basis of .pre- 
defined criteria. 



20 



25 



30 [0050] Preferably, said means for selecting a route is 
arranged to perform the selection for balancing the load 
of new connections between the plurality of possible 
routes, 1 • 

[0051] Figure 9 illustrates also a further embodiment 
35 of the invention. According to the embodiment, the sys- 
tem comprises 

- . means 200 for detecting an IP datagram destined 
. . to an end node comprising a setup message ac- 
40 . cording to a second protocol, 

-■: •. means, 210 for sending said IP datagram to a first 
route of the plurality of routes for transmission to 
; said end node, 

means 220 lor copying said IP datagram for creat- 
45 ing a second IP datagram for transmission to said 
end node via a second route of the plurality of 
routes, 

means 230 for translating the source IP address of 
said second IP datagram to an IP address belong- 
so ing to the plurality of IP addresses associated with 
said second route, and 

means 240 for sending said second IP datagram to 
said second route for transmission to said end 
node. 

55 . 

[0052] Advantageously -the means 200, 210, 220, 
230, 240 are realized using software instructions stored 
in a memory means of the computer device or the com- 
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puter devices used for realizing the system, which in- 
structions are executed by the processing units of the 
computer device or the computer devices. 
[0053] The invention has several advantages. For ex- 
ample, the invention offers a solution that does not re- 5 
quire changes to clients or servers within the source net- 
work. Further, the inventive method can be tailored to 
provide load sharing for certain individual services or for 
all services used by a site. The inventive functionality 
can be integrated to firewalls, transparent HTTP prox- 10 
ies, or it can be realized for example using a dedicated 
gateway device. The inventive method is especially suit- 
able for load-balancing the HTTP protocol that forms out 
more than 90% of Internet traffic volume. 
[0054] The invention can also be used to increase the *5 
reliability of connections between a private network and 
an external IP network such as the Internet: If one of the 
routes between the two networks fail, the inventive 
method can automatically distribute all new connections 
to the rest of the routes. In such a case, the predefined 20 
criteria used in selection of the route advantageously 
take into account the state of the routes. 
[0055] The inventive method can also take into ac- 
count the differences in the performance of the parts of 
the routes which are inside the external network such 25 
as the Internet, if the route selection decisions are at 
least partly based on the performance of the routes. 
Therefore, not only the performance of the links via the 
internet service providers are taken into account, but al- 
so the performance of that part of the connections, 30 
which extend from the connecting point between the ISP 
equipment and the Internet to the end node within the 
Internet. 

[0056] The term end node in this application is used 
to mean a node, through which all the routes pass after 35 
traversing through at least partly separate nodes within 
a network. The end node does not need to be the final 
end point of a connection. For example, the end node 
may be an IP telephony server, which then forwards the 
received data stream to an IP telephone. In this exam- 40 
pie, the routes between which the selection is made are 
between the source node and the IP telephony server, 
and the IP telephony server is the end node according 
to the terminology of this application. 
[0057] Internet service providers have remarkable dif- 
ferences in international connections and the Internet 
changes all the time. The invention allows dynamical se- 
lection of the fastest ISP for each outgoing TCP/IP con- 
nection, i.e. the user has always the best possible con- 
nection to the destination. The invention removes the 50 
need for complicated BGP-4 multi-home routing config- 
urations. Further, the invention makes it easy to deploy 
new ISP connections. 

[0058] The invention can be used in such configura- 
tions, which have more than one route between a com- ss 
puter node and an IP network. For example, a company 
may have a connection to the Internet through more 
than one internet service provider for obtaining enough 
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band with and reliability. The invention can also be used 
by internet service providers having more than one com- 
munication link to the Internet. 

[0059] In view of the foregoing description it will be 
evident to a person skilled in the art that various modi- 
fications may be made within the scope of the invention. 
While a preferred embodiment of the invention has been 
described in detail, it should be apparent that many 
modifications and variations thereto are possible, all of 
which fall within the true spirit and scope of the inven- 
tion. 



Claims 

1. Method for distribution of connections between a 
plurality of possible routes for transmission of IP 
packet traffic between a source node and end 
nodes, each of the routes being associated with a 
plurality of IP addresses, 

characterized in that in the method 

a route is selected for a new connection to be 
established between the source node and an 
end node for transmission of packet traffic, 
the selected route is taken into use by translat- 
ing source IP addresses of packets transmitted 
from the source node to said end node to an IP 
address associated with the selected route, 
and 

said selection of a route is performed on the ba- 
sis of predefined criteria. 

2. Method according to claim 1 , characterized in that 
said selection of a route is performed to balance the 
load of new connections between the plurality of 
possible routes. 

3. Method according to claim 1 , characterized in that 

the source node is connected to a first IP net- 
work, 

said end node is connected to a second IP net- 
work, 

said first and second networks are connected 
via a plurality of paths; and each path of said 
plurality of paths corresponds to one route of 
the plurality of possible routes. 

4. Method according to claim 1 in which the connec- 
tions use the IP protocol and at least one second 
protocol, 

characterized in that the method comprises at 
least steps, in which 

a first IP datagram comprising a setup message 
of a second protocol is created for initiating a 
new connection to an end node using said sec- 



BNSDOCID: <EP 1065844A2J_> 



8 



• 4 



15 

ond protocol, 
said first IP datagram is sent through a first 
route of the routes between the source node 
and said end node, 
- said first IP datagram is copied lor creating a 
second IP datagram for sending through a sec- 
ond route of. the routes between the source 
■ node and said end node, 
the source IP address of said second IP data- 
gram is translated to an IP address selected 
from the plurality of IP addresses associated 
with said second route, 

said second I P datagram is transmitted via said 
second route to said end node, 
a first datagram comprising information of a 
predefined type is received from said end node 
via one of the routes, 1 and 
the route from which said first datagram com- 
. prising information of a predefined type is re- 
ceived is selected as the route to be used. 

5. A method according to claim 4, characterized in 
that the method comprises a step, in which the 
source IP address of said first IP datagram is trans- 
lated to an IP address selected from the plurality of 
IP addresses associated with said.first route. 

6. A method according to claim 4, characterized in 
that ■■-* ■ 

said first datagram comprising information of a pre- 
defined type is a first response datagram sent by 
said end node as a response to one of said first and 
second IP datagrams. 

7. A method according to claim 4, characterized in 
■ that 

connection setup signalling according to said sec- 
ond protocol is continued via the selected route. 

8. A method according to claim 4, characterized in 
. that the method 

after sending said first and second IP datagrams, 
connection setup signalling procedure is continued 
via said first and said second route, and 
said first datagram comprising information of a pre- 
defined type is a first IP datagram comprising pay- 
load data according to the second protocol sent by 
said end node. . 

9. A method according to claim 4, characterized in 
that " 

said second protocol is the TCP protocol. 

10. A method according to claim 1, characterized in 
that 

the IP protocol is IP version 4 protocol. 

11. A method according to claim 1, characterized in 
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that 

the IP protocol is IP version 6 protocol. 

12. A method according to claim 4, characterized in 
s that 

said second protocol is a protocol for carrying 
\ speech data. 

13. System for distribution of connections between a 
io plurality of possible routes for transmission of IP 

packet traffic between a source node and end 
> nodes, each of the routes being associated with a 
plurality of IP addresses, 
characterized in that the system comprises 
is .- ' 

- . means for selecting a route for a new connec- 

tion to be established between the source node 
and an end node for transmission of.packet traf- 
fic, 

20 . , -,>■-. means for translating source IP addresses of 
. : packets for transmission from the source node 
to said end node to an IP address associated 
with the selected route, said means for select- 
ing a route being arranged to select a route on 

25 the basis of predefined criteria. . 

14. System according to claim 13, characterized in 

that . 

said means for selecting a route is arranged to per- 
form the selection for balancing the load of newcon- 

• nections between the plurality of possible routes. 

15. System according to claim 13, characterized in 
that the system comprises 

means for detecting an IP datagram destined 
to an end node comprising a setup message 
; . according to a second protocol, 

- . means for sending said IP datagram to a first 
40 - , route of the plurality of routes for transmission 

- to said end node, 
• means for copying said IP datagram for creat- 
ing a. second IP datagram for transmission to 
said end node via a second route of the plurality 

45 of routes, 

means for translating the source IP address of 
said second IP datagram to an IP address be- 
longing to the plurality ;Of IP addresses associ- 
ated with said second route, and 

50 - means for sending said. second IP datagram to 
said second route for transmission to said end 
node. 

16.. A network element for distribution of connections 
55 between a plurality of possible routes for transmis- 
sion of IP packet traffic between a source node and 

• end nodes, each of the routes being associated with 

• a plurality of IP addresses, * 
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characterized in that the network element compris- 
es 

means tor selecting a route for a new connec- 
tion to be established between the source node s 
and an end node for transmission of packet traf- 
fic, 

means for translating source IP addresses of 
packets for transmission from the source node 
to said end node to an IP address associated 10 
with the selected route, said means for select- 
ing a route being arranged to select a route on 
the* basis of predefined criteria. 

17. A network element according to claim 16, charsc- - *5 
tertzed in that the network element comprises 

means for detecting an IP datagram destined, 
to an end node comprising a setup message 
according to a second protocol, 20 
means for sending said IP datagram to a first 
route of the plurality of routes for transmission 
to said end node, 

means for copying said IP datagram for creat- 
ing a second IP datagram for transmission to 25 
said end node via a second route of the plurality > , 
of routes, 

means for translating the source IP address of 
said second IP datagram to an IP address be- 
longing to the plurality of IP addresses associ- 30 
ated with said second route, and 
means for sending said second IP datagram to 
said second route for transmission to said end 
node. 

35 



" 40 



45 



50 



55 



10 



4 



EP 1 065 844 A2 



bit 



O i— CM CO 
III. 


tj- m co 
ill. 




(D N CO O) O CSJ CO ^ U) CO N GO Oi O r- 
i I I 1 1 1 I I I 1 1 I I 1 I 


Version 


IHL 


i i i i i _j — i — | 
Type of service 


Total length 


Identification 


Flags 


Fragment offset 


Time to live 


Protocol 


Header checksum 


Source address 


Destination address 


Options 


Padding 



Fig. 1 

PRIOR ART 



bit 

o^c^coTrincor^coo>ii^_i-IiJ^i^ijr cvj cvj c\ic\jcmc\jc\jcvic\jc\jcoco 

» i i I ' i ■ » I l_l I I I I I— I — I — I — 



J L 



J I I I I — I — I — L 



Source port 



Destination port 



Sequence number 



Acknowledgment number 



Data 
offset 



Reserved 



Window 



Checksum 



Urgent pointer 



Options 



Padding 



Fig. 3 

PRIOR ART 



BNSDOCID: <EP 1065844A2_I_> 



11 



• 



EP10S5 844 A2 



bit 



Oi-CMCOtMTKDNCOO) 



Ot-C\iCO^W(ONQOOiO'-CVICO^'U)<ONflOO)Oi- 

CVJCVJCNJCVJCVJCNCMCVJCVJOJCOCD 



1 1 1 1 1 1 1 1 1 1 1 1 J — 1 1 
Version | Priority j 


i i i — i — i — i — i — 
Row label 


— i — i — i — i i i i 


Payload length 


Next header 


Hop limit 



Source address 



Destination address 



Next header 


Extension header 


Next header 


Extension header 



Data 



Fig. 2 

PRIOR ART 



\ BNSDOCID: <EP 1065844A2J > 



12 



EP 1 065 844 A2 




EP 1 085 844 A2 



^ START ^ 



CREATION OF A FIRST 
DATAGRAM 



I 



100 



A/ 



SENDING OF A FIRST 
DATAGRAM 


\ 


t 


COPYING OF DATAGRAM 




f 


TRANSLATING OF I 
SOURCE IP ADDRESS j 




f 


SENDING OF A SECOND I 
DATAGRAM 






RECEIVING OF A 
DATAGRAM 




f 


SELECTION OF A ROUTE I 


\ 


r 



105 



110 



. 115 

r 

v 120 

r 



a/ 



125 



130 



1 

( ) 



Fig. 5 



Q START ^ 



A/ 



1 


r 


CREATION OF A FIRST 
DATAGRAM 






SENDING OF A FIRST 
DATAGRAM 




r 


CQPYING OF DATAGRAM 



100 



105 



110 



TRANSLATING OF 
SOURCE IP ADDRESS 



SENDING OF A SECOND 
DATAGRAM 



120 

W 



CONTINUING OF SETUP 
SIGNALLING 



I 



122 



A/ 



RECEIVING OF A 
DATAGRAM 




f 


I SELECTION OF A ROUTE 




r 



125 



130 



( END ) 
Fig. 6 



ISDOCID: <EP 1065844A2J_> 



14 



EP 1 065 844 A2 



10 

SOURCE 



20 
NODE 



SYN 



100 



30a 
ROUTE 1 



102 



TRANSLATING OF 
SOURCE IP ADDRESS 




G 

c 



110 



SYN 



105 



COPYING OF PACKET 



TRANSLATING OF 
SOURCE IP ADDRESS 



130 



115 
15>n 



SYN 



120 



125 
_J2_ 



( ROUTE 2 SELECTED ) 



SYN+ACK 




ACK 



145 

_^2_ 



150 

L \ 



SYN+ACK 



RST 



155 
_J2_ 



30b 
ROUTE 2 



SYN+ACK 



Fig. 7 



1065844A2_L> 



15 



EP 1 065 844 A2 



SELECTION OF A ROUTE 



170 
W 



TRANSLATION OF SOURCE W 
IP ADDRESSES 



C E "° ) 

Fig. 8 



175 




200 210 220 230 240 250 



Fig. 9 



16 



BNSDOCID: <EP 1065844A2J_> 



